WASHINGTON — The Pentagon is advising members of the military not to use consumer DNA kits, saying the information collected by private companies could pose a security risk, according to a memo co-signed by the Defense Department’s top intelligence official.
A growing number of companies like 23andMe and Ancestry sell testing kits that allow buyers to get a DNA profile by sending in a cheek swab or saliva sample. The DNA results provide consumers information on their ancestry, insights into possible medical risks and can even identify previously unknown family members.
The boom in popularity of such kits has raised ethical and legal issues, since some companies have shared this data with law enforcement or sold it to third parties. The Defense Department is now expressing its own concerns about these kits.
“Exposing sensitive genetic information to outside parties poses personal and operational risks to Service members,” says the Dec. 20 memo signed by Joseph D. Kernan, the undersecretary of defense for intelligence, and James N. Stewart, the assistant secretary of defense for manpower.
The memo — which says that some DNA kit companies have been targeting military personnel with discounts — appears to have been distributed widely within the Defense Department, though it has not previously been made public. The memo was obtained by Yahoo News.
“These [direct-to-consumer] genetic tests are largely unregulated and could expose personal and genetic information, and potentially create unintended security consequences and increased risk to the joint force and mission,” states the memo.
The memo provides little details on how genetic profiles could endanger security, other than noting that potential “inaccuracies” in health information could pose a risk to military personnel, who are required to report medical issues. Most of the health reports provided by DNA companies typically pertain to medical risks, though, such as a predisposition to cancer, rather than diagnosing a condition.
However, the involvement of the Pentagon’s intelligence chief in the issue points to broader concerns about biometrics — like DNA, fingerprints and facial recognition — which have been crucial in helping the U.S. identify potential enemies but also expose U.S. national security personnel to identification by other countries.
U.S. intelligence officials are increasingly concerned about how DNA testing will affect their ability to operate worldwide, says a former senior intelligence official, who pointed to the rise of DNA swab tests at some international airports as one factor in a decline in CIA personnel using aliases while travelling abroad.
Erin Murphy, a professor at New York University’s School of Law, says she’s heard about concerns that a foreign government with suspicions about someone operating inside their country — like a potential spy — could use a commercial genetic database to unmask the person. “It all boils down to the same basic idea,” she says. “In a world in which a few stray cells can be used to identify a person, there is no such thing as a covert action, and no such thing as anonymity.”
One possible scenario, Murphy says, would be for someone to use genetic information to track down covert operatives involved in a high-level foreign military operation, such as the killing of Osama bin Laden, in order to exact revenge. “It’s not hard to imagine a world where people are blithely sharing information online without realizing their third cousin is a Navy SEAL, or an operative of the CIA.”
The Pentagon did not respond to specific questions raised by Yahoo News about the memo, but offered a general statement about its purpose: "We want to ensure all service members are aware of the risks of Direct to Consumer (DTC) genetic testing," said Jessica Maxwell, a Defense Department spokesperson.
For consumers turning to commercial companies for DNA profiles, one of the primary concerns has been about privacy, and the potential for others to exploit personal data, or somehow use it in ways that wasn’t intended, particularly as the size of the private DNA databases has grown. Ancestry boasts some 15 million users, while 23andMe says it has 10 million.
In response to a query from Yahoo News, a spokesperson for Ancestry said the company does not offer military discounts. The spokesperson also said the company has taken a number of measures to protect users’ privacy.
“Protecting our customers’ privacy and being good stewards of their data is Ancestry’s highest priority. Ancestry does not share customer DNA data with insurers, employers, or third-party marketers,” the spokesperson said in an emailed statement. “Ancestry will also not share customer personal information with law enforcement unless compelled to by valid legal process, such as a court order or search warrant.”
In response to queries from Yahoo News, 23andMe defended its privacy protection, and took issue with concerns over security. “All of our customers should be assured we take the utmost efforts to protect their privacy, and that the results we provide are highly accurate,” a spokesman wrote in a statement. “Our FDA-authorized health reports have been tested at over 99% accuracy. All of our testing is done in the U.S., and we do not share information with third parties without separate, explicit consent from our customers.”
Now even the Pentagon appears to recognize this potential threat. “[T]here is increased concern in the scientific community that outside parties are exploiting the use of genetic data for questionable purposes, including mass surveillance and the ability to track individuals without their authorization or awareness,” says the memo.
The Pentagon’s concerns about genetics and surveillance might be viewed by some as ironic, since the Defense Department has its own massive repository of DNA. Following the 1991 Gulf War, the Pentagon began a mandatory DNA collection program for members of the military in order to identify remains of someone killed in conflict.
The Pentagon also collects DNA samples from terrorists and others detained on the battlefield. Most famously, the U.S. military identified Osama bin Laden’s body after he was killed by Navy SEALS in 2011, reportedly using a sample collected from a family member of the Al Qaeda leader. (After bin Laden’s death, the New York Times revealed that the CIA had organized a phony vaccination program in Pakistan in an attempt to collect DNA from the compound where bin Laden was hiding.)
And earlier this year, the Pentagon said it used DNA testing to confirm the death of Abu Bakr al-Baghdadi, the leader of the Islamic State group. The U.S. government had collected al-Baghdadi’s DNA when he was detained by coalition forces in Iraq more than a decade ago.
It may be that the Pentagon’s newfound concern over DNA kits is based on the belief that a hostile country or group could use DNA in the same manner that the U.S. government often uses it: to target enemies. Earlier this year, the chief of naval operations said at a public event that DNA from consumer testing kits might be used in the future for tailorable biological weapons, a concern that most experts regard as far-fetched.
In either case, the Defense Department appears to not want to take that chance.
“Until notified otherwise, DoD military personnel are advised to refrain from the purchase and/or use of DTC [direct to consumer] genetic services,” the memo says.
* Sharon Weinberger contributed reporting to this article.
Read more from Yahoo News: